Full Disclosure mailing list archives

Re: Should nmap cause a DoS on cisco routers?

From: Dan Kaminsky <dan () doxpara com>
Date: Thu, 1 Jul 2010 18:38:55 +0200

And this is why BreakingPoint matters:  Because, oh man, network people let
manufacturers get away with shipping some really fragile code.

If a Windows desktop fell over because you looked at it funny -- and lets be
honest, nmap -sV is quite literally, looking at something funny -- it'd be
an unambiguous remote DoS and we'd laugh at Microsoft if they said we should
deploy best practices to deal with it.  Now, if the networking equipment in
question was a $75 Linksys router, sure.  There's a million ways to knock
those things over, and you get what you pay for.

But genuinely expensive gear?  Some of that budget needs to start going into
resiliency.

On Thu, Jul 1, 2010 at 1:07 PM, Dobbins, Roland <rdobbins () arbor net> wrote:


On Jul 1, 2010, at 5:23 PM, Thierry Zoller wrote:

If a device crashes when being scanned - it's a vulnerability.


It sounds to me as if what happened was that he ended up driving the CPUs
of the devices in question to 100%, and they stopped handling control-plane
traffic and fell over.  There are infrastructure self-protection best
current practices (BCPs) which can be deployed to defend against
infrastructure-targeted DoS.

I've only seen this happen a few hundred times or so, so I could be wrong,
of course.

;>

As the original poster posited:

Is this a configuration error of the networking devices?


The answer is, almost assuredly, "Yes."

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

   Injustice is relatively easy to bear; what stings is justice.

                       -- H.L. Mencken



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Should nmap cause a DoS on cisco routers?, (continued)
- - - Message not available
    - Re: Should nmap cause a DoS on cisco routers? coderman (Jul 08)
    - Re: Should nmap cause a DoS on cisco routers? Florian Weimer (Jul 02)
    - Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 02)
    - Re: Should nmap cause a DoS on cisco routers? Thierry Zoller (Jul 02)
    - Re: Should nmap cause a DoS on cisco routers? Champ Clark III [Softwink] (Jul 02)
    - Re: Should nmap cause a DoS on cisco routers? Christian Sciberras (Jul 02)
    - Re: Should nmap cause a DoS on cisco routers? Champ Clark III [Softwink] (Jul 02)
    - Re: Should nmap cause a DoS on cisco routers? Michal (Jul 02)
    - Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 02)
    - Re: Should nmap cause a DoS on cisco routers? coderman (Jul 02)
    - Re: Should nmap cause a DoS on cisco routers? Dan Kaminsky (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Cor Rosielle (Jul 01)
  - Re: Should nmap cause a DoS on cisco routers? Dan Kaminsky (Jul 01)
    - Re: Should nmap cause a DoS on cisco routers? Benji (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Dario Ciccarone (dciccaro) (Jul 01)
  - WiFi sniffing need to be connected? Vinicius Menezes (Jul 02)
    - Re: WiFi sniffing need to be connected? Tyler Borland (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Cor Rosielle (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Dario Ciccarone (dciccaro) (Jul 09)
  - Re: Should nmap cause a DoS on cisco routers? bk (Jul 09)
  - Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 10)

(Thread continues...)